asyncrat | cdcd218328855b099a8c344cfdd92eebe74b2cd90864e71a63be7c0bf3f9aa51 | Triage

Sharing

General

Target

69876b8eb6f1c737b7e9fb871e8050ef.bin
Size

86KB
Sample

230123-r5te3sfc9s
MD5

1e06de0368ea5d9027ad5a9d37b16178
SHA1

a75d8b32cc04dc521f32d124ec6fc788436d9118
SHA256

cdcd218328855b099a8c344cfdd92eebe74b2cd90864e71a63be7c0bf3f9aa51
SHA512

a009881d99e9cda07819d24750f137b205338fef2e3d911730f6fe5784158d1883b99df5a98f380519727e26703a6a232cb620a10dcf85cc9a8a544228978dd7
SSDEEP

1536:tTEg3wcZSruGItIzM+GNkNdl/1jPrrV5N/e8WPjJuhb8a:tr3RSzItr+jJ1P13Gwz

Score

10^/10

asyncrat default rat

Malware Config

Extracted

Family

asyncrat

Version

| Edit 3LOSH RAT

Botnet

Default

C2

xxxprofxxx.dnsdojo.com:5126

Mutex

AsyncMutex_6SI8OkPnk

Attributes

delay
3
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  9388bd306fa4c7b7d113d94f09ece73c78875fa7fb73c79de74f0919ba27b821.ps1
- Size
  
  259KB
- MD5
  
  69876b8eb6f1c737b7e9fb871e8050ef
- SHA1
  
  539344815be0698ba89f851d21ca1ee3715f6919
- SHA256
  
  9388bd306fa4c7b7d113d94f09ece73c78875fa7fb73c79de74f0919ba27b821
- SHA512
  
  5600bbb7a06ba986a96c44c8f029219d2751c4a01678f3bb2d521177c36e63a4920e29bd7cf44cd2313cb5b84462c8fe4a474bd941b792fc93fc7ec9ec5d6316
- SSDEEP
  
  3072:U+aRBniWM5QBpDowmGcAk3ApX92FpmIKKyDs4f4nx2:HSBnU8owmGcAk3ApX92bMDsA4nx2
Score

10^/10

asyncrat default rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers.
  rat asyncrat
- Async RAT payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

asyncratdefaultrat